Ssl – Apache redirect from ssl subdomain not working

apache-2.4httpsredirectsslsubdomain

I am trying to redirect all traffic to https and all subdomains to main domain and can't get it right. I am using Ubuntu 14.04 with latest apache2.

I set up virtualhost for port 80 to redirect all traffic to https:

<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com/
</VirtualHost>

and setup ssl virtualhost to redirect all subdomains to main domain:

    <IfModule mod_ssl.c>
<VirtualHost *:443>
     ServerAdmin admin@example.com
     ServerName example.com
     ServerAlias *.example.com
     DocumentRoot /var/www/example.com/public_html/
     ErrorLog /var/www/example.com/logs/error.log
     CustomLog /var/www/example.com/logs/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
Include /etc/letsencrypt/options-ssl-apache.conf
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com-0001/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com-0001/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/example.com-0001/chain.pem

Redirect permanent / https://example.com

</VirtualHost>

</IfModule>

Result is as follows:

WORKING http://example.com to https://example.com

WORKING http://anything.example.com to https://example.com

NOT WORKING https://anything.example.com to https://example.com

Question is: how I redirect ssl subdomain to main domain?

Please tell me what am I doing wrong.

Thanks a lot.

Best Answer

Given that it appears that Let's Encrypt will only begin issuing wildcard certificates in January 2018, and your server setup is earlier, it appears that you are not using a wildcard SSL certificate.

In order to connect with https, even to redirect or process your "alias," you have to have a valid SSL certificate for whatever domain the client sends.

The SSL handshake takes place before anything in the Apache server is processed. In other words, if you are not using a wildcard SSL certificate, the SSL handshake will fail for https://anything.example.com before the Apache configuration file ever has a chance to process the alias.

Whatever else may be an issue, this must be corrected before any further diagnosis, if required, can be had. For example, if the desired behavior is that the https://anything.example.com be "redirected" to http://example.com you will probably have to use a mod_rewrite condition match as the RedirectMatch directive is only matched against the URL-path, and the use of ServerAlias will create the necessary match for handling the initial query, but will not attempt to "rewrite" or "redirect" the query to another desired URL.

Related Topic